Current approaches to categorizing IP network traffic typically rely on detailed analysis of the IP packet headers and contents to identify the type of traffic. For example, a Uniform Resource Locator (URL)-based categorization approach requires the Hypertext Transfer Protocol (HTTP) packet headers to be monitored, assembled, structured into fields, and then categorized using the URL field from HTTP GET transactions. Alternatively, a Deep Packet Inspection (DPI)-based approach requires a combination of packet headers, ports, and conversation signatures to be analyzed in order to determine the traffic category.
Unfortunately, both these approaches require the payload of the IP packets to be analyzed. In general, network traffic monitoring approaches that require the payload of IP packets to be analyzed have been met with concerns regarding violation of privacy. In fact, in some instances, analyzing the contents of the IP packets may result in a breach of Data Privacy regulations. For example, in some instances analyzing customer traffic Layer 5 and/or the payload may breach an individual's data privacy.
In general, where Data Privacy regulations do apply, network providers are permitted only to examine the content of data for the services they provide to their customers. Services provided by other parties (e.g. remote web services) may not be examined. Accordingly, in these instances and/or in instances where the content is encrypted, categorizing network traffic using these current approaches can be challenging.